TL;DR: we have no plans for anonymous HTTPS by default, but will eventually default to HTTPS for logged-in users.
1. It would require an ssl terminator on every frontend cache. The ssl terminators eat memory, which is also what the frontend caches do. 2. HTTPS dramatically increases latency, which would be kind of painful for mobile. 3. Some countries may completely block HTTPS, but allow HTTP to our sites so that they can track users. Is it better for us to provide them content, or protect their privacy? 4. It's still possible for governments to see that people are going to wikimedia sites when using HTTPS, so it's still possible to oppress people for trying to visit sites that are disallowed.
On Sun, Apr 1, 2012 at 7:06 PM, David Gerard dgerard@gmail.com wrote:
Lots of monitoring going into place:
https://en.wikipedia.org/wiki/Wikipedia:List_of_articles_censored_in_Saudi_A... http://www.bbc.co.uk/news/uk-politics-17576745
What are the current technical barriers to redirection to https by default?
- d.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l